Documentation
¶
Overview ¶
Package azkv contains an implementation of the codeberg.org/CodingPuffin/sops/v3/keys.MasterKey interface that encrypts and decrypts the data key using Azure Key Vault with the Azure Key Vault Keys client module for Go.
Index ¶
- Constants
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
- func (key *MasterKey) TypeToIdentifier() string
- type TokenCredential
Constants ¶
const (
// KeyTypeIdentifier is the string used to identify an Azure Key Vault MasterKey.
KeyTypeIdentifier = "azure_kv"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MasterKey ¶
type MasterKey struct {
// VaultURL of the Azure Key Vault. For example:
// "https://myvault.vault.azure.net/".
VaultURL string
// Name of the Azure Key Vault key in the VaultURL.
Name string
// Version of the Azure Key Vault key. Can be empty.
Version string
// EncryptedKey contains the SOPS data key encrypted with the Azure Key
// Vault key.
EncryptedKey string
// CreationDate of the MasterKey, used to determine if the EncryptedKey
// needs rotation.
CreationDate time.Time
// contains filtered or unexported fields
}
MasterKey is an Azure Key Vault Key used to Encrypt and Decrypt SOPS' data key.
func MasterKeysFromURLs ¶
MasterKeysFromURLs takes a comma separated list of Azure Key Vault URLs, and returns a slice of new MasterKeys.
func NewMasterKey ¶
NewMasterKey creates a new MasterKey from a URL, key name and version, setting the creation date to the current date.
func NewMasterKeyFromURL ¶
NewMasterKeyFromURL takes an Azure Key Vault key URL, and returns a new MasterKey. The URL format is {vaultUrl}/keys/{keyName}/{keyVersion}.
func (*MasterKey) Decrypt ¶
Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.
func (*MasterKey) Encrypt ¶
Encrypt takes a SOPS data key, encrypts it with Azure Key Vault, and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted data key for this master key.
func (*MasterKey) TypeToIdentifier ¶
TypeToIdentifier returns the string identifier for the MasterKey type.
type TokenCredential ¶
type TokenCredential struct {
// contains filtered or unexported fields
}
TokenCredential is an azcore.TokenCredential used for authenticating towards Azure Key Vault.
func NewTokenCredential ¶
func NewTokenCredential(token azcore.TokenCredential) *TokenCredential
NewTokenCredential creates a new TokenCredential with the provided azcore.TokenCredential.
func (TokenCredential) ApplyToMasterKey ¶
func (t TokenCredential) ApplyToMasterKey(key *MasterKey)
ApplyToMasterKey configures the TokenCredential on the provided key.
Source Files